Bug 1585866
| Summary: | CRMFPopClient tool - should allow option to do no key archival | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Christina Fu <cfu> | |
| Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> | |
| Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | |
| Severity: | high | Docs Contact: | Marc Muehlfeld <mmuehlfe> | |
| Priority: | high | |||
| Version: | 7.6 | CC: | cfu, mharmsen, msauton, rpattath | |
| Target Milestone: | rc | Keywords: | TestCaseProvided, ZStream | |
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | pki-core-10.5.9-1.el7 | Doc Type: | Enhancement | |
| Doc Text: |
The CRMFPopClient utility supports CRMF requests without key archival
With this enhancement, users can create Certificate Request Message Format (CRMF) requests without the key archival option when using the CRMFPopClient utility. This feature increases flexibility because a Key Recovery Authority (KRA) certificate is no longer required. Previously, if the user did not pass the "-b transport_certificate_file" option to CRMFPopClient, the utility automatically used the KRA transport certificate stored in the transport.txt file. With this update, if "-b transport_certificate_file" is not specified, Certificate System creates a request without using key archival.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1588945 (view as bug list) | Environment: | ||
| Last Closed: | 2018-10-30 11:07:04 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1588945 | |||
|
Description
Christina Fu
2018-06-05 01:12:22 UTC
commit 8cf6b5b2ac6da169f1c63341159faebc09580798 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, gerrit/DOGTAG_10_5_BRANCH)
Author: Christina Fu <cfu>
Date: Mon Jun 4 16:47:57 2018 -0700
Ticket 3033 CRMFPopClient tool - should allow option to do no key archival
This patch allows key transport cert file to not be specified, which would
then not include key archive option in the CRMF request.
fixes https://pagure.io/dogtagpki/issue/3033
Change-Id: Ib8c585c15057684aa049632d8eb67c2827d7e774
for the record, this had to be manually merged dur to conflict:
commit 6a95f01f8cde2df77dba0732117df38c7e849b1e (HEAD -> master, origin/master, origin/HEAD, ticket-3033-CRMFPopClient-noArch)
Author: Christina Fu <cfu.redhat.com>
Date: Fri Jun 8 16:31:06 2018 -0700
Ticket 3033 CRMFPopClient tool - should allow option to do no key archival
This patch allows key transport cert file to not be specified, which would
then not include key archive option in the CRMF request.
fixes https://pagure.io/dogtagpki/issue/3033
Change-Id: I087bfa6700f22c794e7a316f4451b3a9dc800265
My understanding is that if a 7.6 bug was created for the purpose of 7.5z, the information only need to go into its 7.5z clone. So in this case: https://bugzilla.redhat.com/show_bug.cgi?id=1588945 (In reply to Christina Fu from comment #9) > My understanding is that if a 7.6 bug was created for the purpose of 7.5z, > the information only need to go into its 7.5z clone. > So in this case: > https://bugzilla.redhat.com/show_bug.cgi?id=1588945 But should this BZ be mentioned in RHEL 7.6 release notes again? Custumers might have seen this fix already in the 7.5 erratum. On the other side, some developers want to mention some BZs again in later RNs in case that the customer skipped a version. We writers can't decide this. If you set at least the Doc Type, I know if I should copy the text (bug fix/enhancement) or if it should not be repeated (no doc update). QE Test Verification https://bugzilla.redhat.com/show_bug.cgi?id=1588945#c3 [root@auto-hv-02-guest02 ~]# rpm -qi pki-ca Name : pki-ca Version : 10.5.9 Release : 6.el7 Architecture: noarch Install Date: Mon 17 Sep 2018 09:07:18 AM EDT Group : System Environment/Daemons Size : 2451611 License : GPLv2 Signature : RSA/SHA256, Tue 21 Aug 2018 10:24:33 PM EDT, Key ID 199e2f91fd431d51 Source RPM : pki-core-10.5.9-6.el7.src.rpm Build Date : Tue 21 Aug 2018 09:00:11 PM EDT Build Host : ppc-016.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://pki.fedoraproject.org/ Summary : Certificate System - Certificate Authority Verification steps explained in https://bugzilla.redhat.com/show_bug.cgi?id=1588945#c8 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3195 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |